Add option to apply which shows annotation #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test GitHub annotation | |
| on: pull_request | |
| jobs: | |
| test-github-annotation: | |
| name: Test GitHub annotation | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Setup gitleaks | |
| env: | |
| TARGET: linux_amd64 | |
| VERSION: 8.18.1-patch1 | |
| # From https://github.com/taiki45/gitleaks/releases/download/v${VERSION}/gitleaks_${VERSION}_checksums.txt | |
| SHA256_SUM: aed536718ac444b6727754ca2e34e243ec1aee8bce928975233709d57bc61387 | |
| # Explicitly specifing `bash` changes behavior: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell | |
| shell: bash | |
| run: | | |
| set -x | |
| curl -L "https://github.com/taiki45/gitleaks/releases/download/v${VERSION}/gitleaks_${VERSION}_${TARGET}.tar.gz" -O | |
| echo "${SHA256_SUM} gitleaks_${VERSION}_${TARGET}.tar.gz" | sha256sum --check | |
| # Generate `gitleaks` binary | |
| tar --extract --gzip --file "gitleaks_${VERSION}_${TARGET}.tar.gz" --verbose | |
| sudo install gitleaks /usr/local/bin/gitleaks | |
| - uses: dtolnay/rust-toolchain@439cf607258077187679211f12aa6f19af4a0af7 # Latest as of 2023-11-16 | |
| with: | |
| toolchain: stable | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Test apply | |
| env: | |
| REPORT_PATH: tmp/report.json | |
| shell: bash | |
| run: | | |
| set -x | |
| mkdir -p tmp | |
| gitleaks detect --verbose --exit-code=0 --no-banner --config=dev/gitleaks.toml --report-path="${REPORT_PATH}" | |
| cargo run apply --no-fail --format=github --config-path=dev/gitleaks-allowlist.toml --report-path="${REPORT_PATH}" |